Our Core Commitment
ORAVYS operates on a principle of Data Minimization. We process only the data strictly necessary to generate your voice analysis. We do not sell your personal data or voice recordings. Your trust is the foundation of everything we build.
1. Information We Collect
To provide our bio-acoustic intelligence services, we collect and process the following categories of data:
1.1 Voice Recordings
Audio files you upload or record through our platform. These recordings are processed by our 3,000+ AI analysis engines across multiple categories to extract acoustic features including pitch, cadence, spectral energy, jitter, shimmer, harmonic-to-noise ratio, and other biosignal markers. We do not transcribe or store the semantic content of your speech.
1.2 Account Information
Email address, name, and authentication credentials provided during registration or Google OAuth sign-in. This data is used for account management, report delivery, and service communication.
1.3 Payment Data
All payment transactions are processed securely through Stripe. ORAVYS does not store your full credit card number, CVV, or banking details. We retain only transaction identifiers and purchase history necessary for order fulfillment and refund processing.
1.4 Technical Data
IP address, browser type, device information, operating system, session identifiers, and interaction timestamps collected automatically when you use the platform. This data supports security, performance monitoring, and abuse prevention.
1.5 Usage Data
Pages visited, analysis requests submitted, features used, and interaction patterns. Collected via anonymized Google Analytics (with IP anonymization enabled) for platform improvement.
1.6 Logged Fields During Analysis
When you use the analysis flow accessible from oravys.com (the public Audit Yourself and deepfake detection pages), the following fields about your request reach our application logs and observability systems. This list is exhaustive for that flow:
- Filename: the original name of the audio file you upload.
- Content-Type: the MIME type reported by your browser (for example, audio/webm).
- File size: the size of the upload in bytes.
- Audio duration: the duration of the recording in seconds.
- Sample rate: the audio sample rate in Hertz.
- Signal-to-noise ratio: a quality metric computed during pre-analysis checks.
- Mean opinion score: a quality metric computed during pre-analysis checks.
- Session ID: the identifier of your active browser session.
- Internal report ID: the identifier we generate for your analysis report.
- IP address: truncated for analytics purposes; the full IP is retained only when required for an active abuse investigation.
- Email address: if you provided one during the analysis flow (for example, to receive your report).
- User agent string: the browser and device identifier sent in the standard User-Agent header.
Fields not listed here are not logged for analysis requests on this flow.
2. How We Use Your Data
Your information is used exclusively for the following purposes:
- Service Delivery: Processing your voice recordings through our biosignal analysis engines and generating your requested reports.
- Account Management: Authentication, session handling, subscription management, and report access.
- Communication: Sending analysis reports, service notifications, order confirmations, and responding to support requests.
- Platform Improvement: Anonymized, aggregated data may be used to improve model accuracy and platform quality. No individual re-identification is possible from aggregated data.
- Security: Fraud detection, abuse prevention, and maintaining the integrity of our systems.
- Legal Compliance: Meeting our obligations under applicable law.
We Do Not Sell Your Data
ORAVYS does not sell, rent, or trade your personal data or voice recordings to third parties for advertising, marketing, or any other purpose. This applies to all service tiers without exception.
2b. Usage Monitoring, Fair Use Enforcement, and Compute Data
To maintain platform stability, enforce fair use policies, and protect the Service for all users, ORAVYS collects and processes the following additional categories of data:
2b.1 Compute and Resource Usage Data
ORAVYS monitors and records metrics related to your use of computational resources, including but not limited to:
- Analysis Request Metrics: Number of analyses submitted, frequency of submissions, audio file durations, file sizes, and audio formats processed per account and per billing period.
- Processing Resource Consumption: CPU time, memory usage, and engine processing duration associated with your analysis requests. This data is collected in aggregate per account and is not linked to the content of your audio recordings.
- Rate Limit and Quota Tracking: Records of your current usage against your tier's allocated quotas, including timestamps of analysis requests, API calls, and real-time session durations.
- Overage and Threshold Events: Automated records generated when your usage approaches or exceeds your tier's fair use thresholds, including timestamps, resource type, and volume of excess usage.
2b.2 Purpose and Legal Basis for Usage Monitoring
Compute and resource usage data is processed for the following purposes:
- Fair Use Enforcement (Legitimate Interest, Art. 6(1)(f) GDPR): Monitoring usage patterns to ensure equitable access and prevent any single account from consuming disproportionate resources that would degrade service for other users.
- Abuse Detection and Prevention (Legitimate Interest, Art. 6(1)(f) GDPR): Detecting automated access, bot activity, scraping, and other forms of compute abuse that violate our Terms of Service.
- Billing and Overage Calculation (Contract Performance, Art. 6(1)(b) GDPR): Calculating usage-based charges, overage fees, and ensuring accurate billing for your subscription tier.
- Capacity Planning (Legitimate Interest, Art. 6(1)(f) GDPR): Anonymized, aggregated resource usage data is used for infrastructure planning and capacity management. No individual re-identification is possible from this aggregated data.
2b.3 Automated Enforcement Actions
ORAVYS employs automated systems to enforce fair use policies and protect platform stability. These systems may automatically:
- Throttle or rate-limit your access when usage exceeds your tier's allocated quotas.
- Queue or delay analysis requests during periods of high platform load.
- Flag accounts exhibiting patterns consistent with automated or abusive usage for human review.
- Temporarily suspend access when automated abuse is detected with high confidence.
Automated enforcement actions are not considered "automated decision-making producing legal effects" under GDPR Article 22, as they are technical measures necessary for contract performance and do not produce legal effects beyond temporary service management. If you believe an automated enforcement action was applied in error, you may contact [email protected] for human review.
2b.4 Retention of Usage Monitoring Data
Compute and resource usage data is retained as follows:
- Real-time metrics: Retained in memory during active sessions only; not persisted beyond the session.
- Daily and monthly usage aggregates: Retained for the duration of your account plus twelve (12) months for billing reconciliation and dispute resolution.
- Abuse detection logs: Retained for up to ninety (90) days for security and forensic purposes.
- Anonymized capacity planning data: Retained indefinitely in aggregate form with no possibility of individual re-identification.
3. Voice Data Processing
Voice data is uniquely sensitive. ORAVYS implements specific protections for audio recordings:
- In-Memory Processing (default): For the analysis flow accessible from oravys.com pages (the public Audit Yourself page and the deepfake detection page), your audio is processed in memory by our engine pipeline. The result is returned, and the buffer is freed. We do not write the audio file to long-term storage unless you have explicitly opted in to our Research Contribution program. The opt-in checkbox is unchecked by default and revocable at any time. For details on how we train our detection models and the sources of our training data, see How ORAVYS trains its detection models.
- No Voice Fingerprinting: We do not create persistent voice fingerprints, speaker identification templates, or biometric profiles that could be used to identify you across sessions or platforms.
- Transport Encryption and Limited At-Rest Encryption: Audio in transit between your browser and our compute region is protected by TLS 1.3. Encryption at rest (AES-256) applies only to samples retained under the Research Contribution opt-in described in Section 5.1, and to files stored under enterprise contracts. By default, no audio is written to long-term storage, so the at-rest encryption layer is engaged solely for those opt-in or contractual paths.
- No Cross-Session Linking: We do not link audio from different sessions to build persistent voice profiles unless you explicitly enable this feature.
- Consent Verification: ORAVYS may refuse to process audio that appears to have been recorded without proper consent of the speaker(s).
3.1 Real-Time Voice Analysis
When using WebSocket-based real-time analysis, your audio is streamed and processed as a continuous signal. During real-time sessions:
- Audio is processed in memory and is not persisted to storage during the session.
- Extracted biomarkers (stress, emotion, cognitive load) are transmitted back to your browser in real time.
- Sessions require authenticated access; unauthenticated connections are rejected.
- No audio data is retained after the real-time session ends unless you explicitly request a report.
3.2 Dual-Speaker Analysis
When two voice samples are submitted for comparative analysis:
- Each sample is processed independently by the engine pipeline.
- Comparative results (compatibility, relational dynamics) are derived from acoustic pattern differences, not identity matching.
- Both speakers must have provided consent for their voice to be analyzed. The submitting user is responsible for obtaining and documenting this consent.
3.3 Insurance and Forensic Analysis
For enterprise customers using forensic or insurance-related analysis:
- Forensic analysis engines (authenticity detection, coached speech detection, claim consistency) operate on acoustic patterns only.
- Results are investigative indicators, not definitive conclusions, and must be supplemented by human review.
- Enterprise forensic data handling is governed by a dedicated Data Processing Addendum (DPA) with enhanced retention and access controls.
4. Default Posture on Training and Retention
Default behavior
By default, no audio retention is performed without explicit opt-in. Audio submitted to the analysis flow accessible from oravys.com is processed in memory and the buffer is freed at the end of the call. See Section 1.6 for the fields logged during analysis and Section 3 for the broader processing posture. Training-data sources and methodology are described separately on the How ORAVYS trains its detection models page.
If you choose to enable the Research Contribution opt-in, your sample may be retained under the conditions described in Section 5.1 and may be used to improve detection accuracy. The opt-in is unchecked by default, separate from your general terms acceptance, and revocable at any time. The following posture applies across tiers:
- Free Tier: No retention by default. Optional Research Contribution opt-in available in the consent gate at the point of upload and in privacy settings.
- Pro Tier: No retention by default. Optional opt-in available upon request. Consent can be granted or revoked at any time.
- Enterprise Tier: Default behavior is set by the Data Processing Addendum (DPA). Custom data handling arrangements are auditable upon request.
If you provide feedback (such as rating a report or flagging a false positive/negative in deepfake detection), that specific interaction may be used to improve detection accuracy and service quality, with notice at the time of feedback. Feedback and content submitted through safety reporting mechanisms may also be used to maintain and improve the safety and reliability of the Service, so that critical signals (such as detection errors that could affect platform integrity) can be addressed.
5. Data Retention and Deletion
We retain personal data only for as long as necessary to fulfill the purposes described in this policy. The following granular retention schedule applies:
5.1 Audio File Retention
- Voice Recordings (Free Tier, default analysis flow): Processed in memory and freed at the end of the analysis. No audio file is written to long-term storage unless you have explicitly opted in to the Research Contribution program (opt-in unchecked by default, revocable at any time).
- Voice Recordings (Paid Reports): Retained for up to ninety (90) days to enable report regeneration and quality assurance, then permanently and irreversibly deleted from all storage systems including backups.
- Voice Heritage / Capsule Products: Retained for the contractual duration (10 years, 50 years, or perpetual). Storage fees are included in the purchase price.
5.2 Report and Account Data Retention
- Analysis Reports: Retained for the duration of your account plus one (1) year after account closure or report generation date, whichever is later. You are responsible for downloading your report upon receipt.
- Account Data: Retained for the duration of your account, plus 12 months after account closure.
5.3 Billing and Financial Data Retention
- Billing Records: Transaction records, invoices, and payment history are retained for five (5) years from the date of the transaction, as required by applicable tax, accounting, and financial reporting regulations (including IRS requirements for U.S. entities and EU VAT record-keeping obligations).
- Payment Method Data: ORAVYS does not store credit card numbers or banking details. Stripe retains tokenized payment data per its own retention policies.
5.4 Biometric Data Retention
- Biometric Prints and Acoustic Features (default analysis flow): For the analysis flow accessible from oravys.com, extracted biometric features (such as pitch profiles, spectral signatures, jitter/shimmer measurements, and other acoustic biomarkers) are computed in memory during the analysis call and are not persisted to long-term storage at the end of the call. No persistent voiceprint or speaker-identification profile is built from this flow without a separate consent.
- With Explicit Consent: If you opt in to the Research Contribution program or to a feature that requires baseline comparison or longitudinal analysis, biometric features may be retained for the duration specified at the time of consent and are removed within thirty (30) days after consent expiration or withdrawal. Enterprise deployments may set a different retention duration through their Data Processing Addendum.
5.5 Technical and Security Data
- Technical / Usage Logs: Retained for up to 90 days for security, abuse detection, and debugging purposes.
- Abuse Detection Logs: Retained for up to 90 days for security and forensic purposes.
- Anonymized Capacity Planning Data: Retained indefinitely in aggregate form with no possibility of individual re-identification.
Destruction Certification
Upon expiration of any retention period, data is permanently and irreversibly deleted from all primary storage, backup systems, and disaster recovery archives within thirty (30) days. Enterprise customers may request a written certification of destruction upon completion of the deletion process.
You may request early deletion of your data at any time by contacting [email protected]. Deletion requests are processed within 30 days.
6. Data Storage and Security
ORAVYS employs industry-standard and enhanced security measures to protect your data:
- Encryption in Transit: All data transmitted between your browser and our servers is protected by TLS 1.3.
- Encryption at Rest: Data stored on our servers is encrypted with AES-256.
- Infrastructure: Hosted on Google Cloud Platform (europe-west1 region, EU). Secured with access controls, network segmentation, and continuous monitoring.
- Access Control: Employee access to user data is restricted on a need-to-know basis and protected by multi-factor authentication.
- PII Protection in Logs: Email addresses and personal identifiers are cryptographically hashed (SHA-256) before being written to system logs. Raw PII is never stored in application logs.
- Input Sanitization: All user inputs undergo sanitization to prevent cross-site scripting (XSS), log injection (CRLF stripping), and other injection vectors.
- Thread-Safe Operations: All shared-state operations (API key management, session handling, rate limiting) use thread-safe locking to prevent data corruption under concurrent access.
- WebSocket Authentication: Real-time voice analysis connections require verified session authentication. Unauthenticated WebSocket connections are immediately terminated.
- API Security: Enterprise API keys are managed with audit logging. All API responses include security headers (no-sniff, no-cache) to prevent information leakage.
While we implement commercially reasonable measures to protect your data, no internet transmission or electronic storage method is 100% secure. We cannot guarantee absolute security against unauthorized intrusion.
7. Third-Party Sharing
We may share data only with trusted service providers necessary to operate the platform:
- Google Cloud Platform: Infrastructure hosting and data storage (EU region).
- Stripe: Payment processing. Stripe receives only the payment data necessary to complete your transaction.
- SendGrid: Email delivery for report notifications and service communications.
- Google Analytics: Anonymized usage statistics (IP anonymization enabled).
All third-party providers are bound by confidentiality and data processing agreements. We do not share data with third parties for their independent marketing purposes.
7b. Consent Architecture
ORAVYS implements a layered consent framework designed to comply with the most stringent data protection requirements across all jurisdictions in which it operates.
7b.1 First Upload Consent
Before submitting any audio recording for the first time, you must provide explicit, affirmative consent acknowledging that: (a) your audio will be processed by AI-powered analysis engines; (b) biometric features will be extracted from your voice; (c) a forensic and/or psychological profile will be generated; and (d) you have read and understood the data processing described in this Privacy Policy. This consent is captured via an in-application consent mechanism and recorded with a timestamp, IP address, and consent version identifier.
7b.2 Separate Biometric Processing Consent
Because voice data constitutes biometric data under GDPR Article 9, the Illinois Biometric Information Privacy Act (BIPA), and equivalent biometric privacy laws, ORAVYS obtains a separate, specific consent for biometric processing that is distinct from the general terms of service acceptance. This biometric consent: (a) specifically identifies that biometric identifiers will be collected and processed; (b) describes the purpose of biometric data collection; (c) states the retention schedule for biometric data; and (d) may be withdrawn at any time without affecting other Service features.
7b.3 GDPR Article 9 Compliance for EU Users
For users located in the European Economic Area, biometric data processing is authorized exclusively under GDPR Article 9(2)(a) (explicit consent). ORAVYS does not rely on any other Article 9 exception for biometric voice processing. EU users receive an enhanced consent flow that: (a) provides granular, purpose-specific consent options; (b) clearly separates biometric consent from general service consent; (c) uses plain language to describe data processing activities; and (d) provides a one-click consent withdrawal mechanism.
7b.4 Audio Recording Consent Warranty
By submitting any audio recording, you warrant and represent that: (a) you have obtained all required consents from every individual whose voice appears in the recording; (b) in jurisdictions requiring two-party or all-party consent for audio recording (including but not limited to California, Illinois, Florida, Washington, Pennsylvania, and equivalent jurisdictions globally), you have complied with all applicable consent requirements; and (c) the recording was not obtained through illegal wiretapping, covert surveillance, or any other unlawful means. ORAVYS is not responsible for verifying the consent status of submitted recordings and relies entirely on your representation.
7c. Illinois Biometric Information Privacy Act (BIPA) Compliance
The human voice may constitute a "biometric identifier" under the Illinois Biometric Information Privacy Act (740 ILCS 14). ORAVYS provides the following disclosures and commitments in compliance with BIPA:
7c.1 Written Notice and Consent
Before collecting any biometric identifier or biometric information from an Illinois resident, ORAVYS provides written notice (via the in-application consent mechanism) that biometric identifiers are being collected and stored, and the specific purpose and duration of such collection and storage. ORAVYS obtains a written release (electronic signature or affirmative click-through consent) from each individual whose biometric identifier is collected.
7c.2 Retention Schedule
Biometric identifiers and biometric information derived from voice recordings of Illinois residents are retained in accordance with the following schedule:
- Active Processing: Biometric features are retained only for the duration of the analysis session.
- Extended Retention (with consent): Where explicit consent is obtained for extended retention, biometric data is retained for the period specified at the time of consent, not to exceed three (3) years.
- Destruction Timeline: Upon expiration of the retention period, upon achievement of the initial purpose for collection, or within thirty (30) days of a deletion request, whichever occurs first, all biometric identifiers and biometric information are permanently and irreversibly destroyed from all systems, including backups and archives.
7c.3 Prohibition on Sale and Profit
ORAVYS does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information. Biometric data is used solely for the purpose of providing the Service as described in this Privacy Policy.
7c.4 Storage and Protection Standards
Biometric identifiers and biometric information are stored, transmitted, and protected using a standard of care that is at least as protective as the standard used for other confidential and sensitive information, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and audit logging.
8. GDPR / RGPD Compliance
If you are located in the European Economic Area (EEA), the United Kingdom, or any jurisdiction with equivalent data protection laws, the following provisions apply:
8.1 Legal Basis for Processing
- Consent (Art. 6(1)(a) GDPR): We process your voice data based on your explicit consent, which you provide before initiating any recording or analysis. You may withdraw consent at any time.
- Contract Performance (Art. 6(1)(b)): Processing necessary to deliver the analysis report you requested and manage your account.
- Legitimate Interest (Art. 6(1)(f)): Anonymized, aggregated data used to improve model accuracy and maintain platform security. No individual re-identification is possible.
- Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws and regulations.
8.2 Special Category Data, Biometric Voice Data (Art. 9)
The human voice constitutes biometric data under GDPR Article 9. ORAVYS processes voice recordings exclusively for the declared analysis purposes under the following framework:
- Legal Basis: Explicit consent of the data subject (Art. 9(2)(a) GDPR), obtained via the recording consent mechanism before analysis.
- No Permanent Voiceprint Extraction: We do not create persistent biometric templates, voiceprints, or speaker identification profiles that could be used to identify you across sessions or platforms.
- No Biometric Identification: We analyze acoustic patterns for psychological and forensic insights. We do not perform biometric identification of individuals.
- Immediate Deletion: Audio recordings are deleted after analysis in accordance with Section 5 retention timelines.
- No Third-Party Transfer: Biometric voice data is never shared with, sold to, or accessible by any third party.
- Data Protection Impact Assessment (DPIA): ORAVYS has conducted a DPIA in accordance with GDPR Article 35 for its voice processing activities, given the systematic processing of biometric data at scale. Enterprise customers may request a summary of the DPIA findings.
Data minimization and purpose limitation principles are strictly applied: voice data is used solely for generating your analysis report and is never used for speaker identification or surveillance.
8.3 Your Rights Under GDPR
You have the right to:
- Access (Art. 15): Request a copy of all personal data we hold about you, including voice recordings, analysis results, and account information.
- Rectification (Art. 16): Correct inaccurate or incomplete personal data.
- Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"). Requests are processed within 30 days.
- Restriction (Art. 18): Request restriction of processing while a complaint is resolved.
- Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Object (Art. 21): Object to processing based on legitimate interest.
- Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within 30 days as required by law.
8.4 International Data Transfers
For the analysis flow accessible from oravys.com, audio is processed in memory inside our EU compute region (Google Cloud, europe-west1, Belgium) and the buffer is freed at the end of the call (see Sections 3 and 5.1). Where retention is engaged through the Research Contribution opt-in or an enterprise contract, the retained sample is stored in the same EU region. Analysis results delivered as reports remain in the EU region for the retention durations described in Section 5.
Account data (name, email) may be processed by our sub-processors (Stripe for payments, Google for authentication) in jurisdictions outside the EEA. Where such transfers occur, they are governed by:
- Standard Contractual Clauses (SCCs): EU Commission-approved SCCs (Commission Implementing Decision (EU) 2021/914) are in place with all sub-processors that process personal data outside the EEA.
- EU-U.S. Data Privacy Framework: Where applicable, transfers to the United States are also supported by the EU-U.S. Data Privacy Framework certification of the receiving party.
- Transfer Impact Assessments: ORAVYS has conducted Transfer Impact Assessments (TIAs) for all international data transfers, evaluating the legal framework of the destination country and supplementary measures in place.
- Technical Safeguards: All international transfers are protected by encryption in transit (TLS 1.3), encryption at rest (AES-256), and access controls that limit data access to authorized personnel only.
Enterprise customers may request copies of the applicable SCCs and Transfer Impact Assessments by contacting [email protected].
8.5 Automated GDPR Rights Endpoints
ORAVYS provides programmatic API endpoints for exercising your GDPR rights:
- Data Export: Request a machine-readable export of all your personal data (account information, analysis history, consent records) via our GDPR data export endpoint.
- Data Deletion: Request complete erasure of your personal data via our GDPR deletion endpoint. Deletion is confirmed within 30 days.
- Consent Management: View and modify your consent preferences programmatically.
These endpoints are available at /api/v1/gdpr/ and require authenticated access. You may also exercise these rights by contacting our Data Protection Officer directly.
8.6 Data Protection Officer
For all GDPR-related inquiries, you may contact our Data Protection Officer at [email protected]. If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence (GDPR Art. 77).
8.7 EU AI Act Compliance (Article 50 and Article 52)
ORAVYS acknowledges the European Union Artificial Intelligence Act (Regulation (EU) 2024/1689) and its risk-based classification framework.
EU AI Act, Transparency Disclosure (Article 52)
This Service uses artificial intelligence to process biometric data. Voice recordings submitted to ORAVYS are analyzed by AI-powered engines that extract biometric features (acoustic biomarkers) and generate automated assessments. Users interacting with this system are hereby informed that they are interacting with an AI system, not a human analyst, and that all outputs are AI-generated.
8.7.1 Risk Classification
Under the EU AI Act risk-based framework, ORAVYS has assessed its AI system as follows:
- General Consumer Use (Self-Analysis): Limited risk. Subject to transparency obligations under Article 50 (labeling AI-generated outputs).
- Employment and HR Context: High-risk AI system under Annex III, Category 4 (employment, worker management, access to self-employment). Subject to requirements for technical documentation, human oversight, accuracy monitoring, and conformity assessment.
- Insurance and Financial Context: High-risk AI system under Annex III, Category 5 (access to essential services, creditworthiness, risk assessment). Subject to enhanced documentation and oversight requirements.
- Law Enforcement Context: High-risk AI system under Annex III, Category 6. Subject to the most stringent compliance requirements including fundamental rights impact assessment.
ORAVYS is committed to meeting all applicable requirements including technical documentation, human oversight mechanisms, accuracy monitoring, bias testing, and transparency obligations. Enterprise customers deploying ORAVYS in high-risk contexts receive compliance guidance, risk assessment documentation, and may request conformity documentation.
8.8 Automated Personality Profiling (GDPR Art. 22)
ORAVYS offers an optional personality profiling feature that generates behavioral and personality trait assessments from acoustic biomarkers. This feature involves automated processing as defined by GDPR Article 22.
Legal Basis and Consent
Personality profiling is processed exclusively under explicit, separate consent (GDPR Art. 9(2)(a) combined with Art. 22(4)). This consent is distinct from the general bio-acoustic analysis consent and can be granted or withdrawn independently. You may use all other ORAVYS features without consenting to personality profiling.
8.8.1 What Data Feeds Personality Profiling
Personality assessments are derived exclusively from acoustic signal features: pitch variability, speech rhythm, spectral energy distribution, vocal intensity patterns, pause dynamics, and respiratory markers. We do not analyze the semantic content (words, language, meaning) of your speech for personality profiling.
8.8.2 How Profiling Works
Acoustic features extracted by our engine pipeline are mapped against established vocal-behavioral correlation models to generate personality trait indicators across multiple dimensions (communication style, stress resilience, leadership patterns, emotional expressiveness, and others). These indicators are probabilistic and represent tendencies, not definitive characterizations. Confidence levels are displayed alongside each indicator.
Proprietary Algorithm Protection
In accordance with GDPR Recital 63 and the EU Trade Secrets Directive (2016/943), ORAVYS provides meaningful information about the logic, significance, and consequences of profiling without disclosing proprietary algorithms, model weights, or mapping databases. This balance between transparency and trade secret protection is recognized by EU data protection authorities.
8.8.3 Your Rights Regarding Personality Profiling
- Right to Human Review (Art. 22(3)): You may request human review of any personality assessment. A "Request Human Review" button is available on all profiling results. You may also submit your perspective on why you disagree with the assessment. Human reviews are conducted by a qualified reviewer with access to the raw data and the authority to modify or delete the automated profile. Reviews are completed within 30 days.
- Right to Object (Art. 21): You may object to personality profiling at any time via the "Skip Personality Profiling" toggle on the analysis page, or via the API endpoint /api/v1/gdpr/profiling-opt-out. Opting out does not affect other analysis features.
- Right to Contest (Art. 22(3)): You may contest any profiling result and express your point of view via the human review mechanism.
- Right to Withdraw Consent: You may withdraw personality profiling consent at any time without affecting the lawfulness of prior processing or other analysis features.
8.8.4 Data Minimization for Profiling
Personality deduction texts are generated client-side in your browser and are not transmitted to or stored on ORAVYS servers unless you explicitly choose to save or share your report. The profiling computation occurs locally, ensuring maximum data minimization.
8.8.5 Workplace and Educational Restrictions
In compliance with the EU AI Act Article 5(1)(f), ORAVYS restricts emotion-inferring features in workplace and educational contexts. Enterprise customers deploying ORAVYS for employment decisions (recruitment, evaluation, promotion) are subject to enhanced compliance requirements including mandatory fundamental rights impact assessments, formal human oversight protocols, and enhanced logging. Certain vocal stress and emotion indicators are suppressed in HR deployment contexts.
8.9 Automated Decision-Making (GDPR Art. 22)
ORAVYS analysis results are provided as informational and decision-support tools. No decision producing legal effects or significantly affecting any data subject is made solely on the basis of automated processing by the Service. The user is solely responsible for any decisions taken based on analysis results and must exercise their own professional judgment. ORAVYS does not engage in decision-making based solely on automated processing or profiling in a manner that produces legal effects concerning the data subject.
9. Privacy Settings and Consent Controls
ORAVYS provides reversible consent controls. The analysis flow accessible from oravys.com surfaces a consent gate at the point of upload that maps to the following form fields, all enforced server-side:
- Data processing consent (form field consent_data_processing): Default OFF. Required to run any analysis. Without it, the request is rejected.
- Voice biometric processing consent (form field consent_voice_processing): Default OFF. Required to run any analysis. Without it, the request is rejected.
- Research Contribution opt-in (form field consent_research_optin, alias voice_optin): Default OFF. Opt-in is what engages the retention path described in Sections 5.1 and 5.4. Revocable at any time.
- Product updates and marketing: Default OFF. Managed from your account settings.
Required consents must be granted at the point of upload. The Research Contribution opt-in is unchecked by default; without it, the audio buffer is freed at the end of the analysis call.
9b. Privacy by Tier
The default in-memory posture described in Section 3 applies across all tiers for the analysis flow accessible from oravys.com. Tier differences relate to retention scope, the consent surface, and contractual coverage:
- Free Tier: In-memory processing by default; the audio buffer is freed at the end of the analysis call. The fields listed in Section 1.6 are logged for service operation, abuse detection, and capacity planning. Sample-level retention only occurs if you opt in to the Research Contribution program.
- Paid Tiers (Single Report, Pro, Startup, and above): In-memory processing by default, with the same opt-in retention path. Operational metadata in Section 1.6 is still logged, and the Research Contribution opt-in is presented in the consent gate at the point of upload.
- Enterprise Tier: Default behavior and any retention configuration are set by the Data Processing Addendum (DPA), including options for stricter or longer retention scopes, dedicated regions, and audit access. DPA available upon request.
9c. Data Processing in Connection with Service and Pricing Changes
When ORAVYS modifies its pricing, subscription plans, service features, or fair use policies (as described in our Terms of Service, Sections 8, 9, and 10), we may process the following data:
- Account and Subscription Data: Your current subscription tier, billing history, and payment method information are processed to apply pricing changes, migrate your account to an equivalent plan, calculate pro-rated refunds, or apply grandfathered pricing. Legal basis: Contract Performance (Art. 6(1)(b) GDPR).
- Communication Data: Your email address and notification preferences are used to deliver mandatory notices of material pricing or service changes, including grandfathering offers, migration notices, and cancellation options. Legal basis: Contract Performance (Art. 6(1)(b)) and Legal Obligation (Art. 6(1)(c) GDPR) where notice is required by consumer protection law.
- Usage History: Your historical usage patterns may be reviewed to determine appropriate plan migration recommendations when subscription tiers are restructured. This processing uses aggregated usage metrics only and does not involve access to your voice recordings or analysis content. Legal basis: Legitimate Interest (Art. 6(1)(f) GDPR).
Data processed in connection with pricing and service changes is retained in accordance with the retention periods specified in Section 5 of this Privacy Policy and applicable tax/accounting retention requirements.
10. Zero Data Retention (ZDR) Mode
The default analysis posture described in Sections 3 and 5.1 already covers the audio sample itself: the buffer is freed at the end of the call unless the Research Contribution opt-in is engaged. ZDR mode is an enterprise add-on that goes further and constrains the operational metadata layer too:
- Audio is processed in-memory in the same way as the default flow, with the Research Contribution path disabled by contract.
- Only the generated report is delivered to you; the report retention scope is set by the Data Processing Addendum.
- The fields listed in Section 1.6 are reduced to the minimum required for security and abuse detection during the active session; no derived features are retained beyond the call.
- Abuse detection signals are computed during processing only.
ZDR mode is designed for legal, healthcare, and government use cases. Contact [email protected] to activate.
11. Cookies and Tracking
ORAVYS uses only essential cookies required for the platform to function:
- Session Cookies: Authentication tokens and session identifiers. Expire when you close your browser or after the session timeout period.
- Security Cookies: CSRF protection tokens to prevent cross-site request forgery.
- Preference Cookies: Language selection and display settings.
We do not use advertising cookies, cross-site tracking pixels, or third-party trackers that share data with advertisers. Google Analytics (with IP anonymization) is used for basic usage statistics. You can opt out via your browser settings, an ad blocker, or the Global Privacy Control (GPC) signal.
11b. Self-Hosted Web Assets (No Third-Party CDN Tracking)
To prevent third-party data leakage to font, script, or analytics providers, ORAVYS serves all critical web assets from its own infrastructure:
- Typography: All fonts (Inter, Source Serif, JetBrains Mono, Rajdhani, Syncopate) are loaded from app.oravys.com/static/fonts/. ORAVYS does not load fonts from fonts.googleapis.com or fonts.gstatic.com, which would otherwise transmit your IP address to Google on every page load (a documented EU GDPR Art. 6 / Schrems II concern).
- JavaScript libraries: Alpine.js and HTMX are served from app.oravys.com/static/js/vendor/. No request is made to cdn.jsdelivr.net or unpkg.com for these libraries.
- Result: A standard ORAVYS report page makes zero third-party network requests by default; only first-party requests to app.oravys.com are issued.
11c. Voice DNA Profile and Biometric Export Consent
The Voice DNA Profile is a visual fingerprint generated from your acoustic features (fundamental frequency, formants, jitter, shimmer, harmonic-to-noise ratio). Because these inputs constitute biometric data under GDPR Art. 9, the Voice DNA card is subject to the following safeguards:
- Categorical display only. The card displays qualitative bands ("Pitch: low / mid / high"; "Stability: stable / variable") rather than raw numeric biometric values. Raw F0 (Hz), jitter (%), HNR (dB), and shimmer (%) are not rendered into the public DOM.
- Per-session consent gate. The Share and Download actions are disabled by default. The first click on Share triggers a confirmation dialog that records consent in sessionStorage for the current browsing session only; closing the tab revokes consent.
- Sanitised export. When you download the Voice DNA SVG, any text node that contains a numeric biometric value (e.g. "150 Hz", "0.45 %", "20 dB") is stripped before serialization. The downloaded file contains only the visual pattern and the indelible "ORAVYS / AI-GENERATED, NOT A BIOMETRIC IDENTIFIER" watermark engraved in the SVG.
- Non-identifier. The Voice DNA pattern is generated for visual comparison only and is not a biometric identifier under ISO/IEC 19794. ORAVYS does not maintain a cross-session voiceprint database.
12. Global Privacy Control (GPC)
ORAVYS automatically detects and honors the Global Privacy Control (GPC) signal from your browser. When GPC is enabled:
- All optional analytics, tracking cookies, and performance metrics are disabled.
- Privacy settings default to their most restrictive configuration.
- No manual action is required from you.
12b. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) grants you the following rights:
- Right to Know. You may request the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, our business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete. You may request deletion of your personal information, subject to certain exceptions (e.g., legal retention obligations for billing records).
- Right to Correct. You may request correction of inaccurate personal information we maintain about you.
- Right to Opt Out of Sale or Sharing. ORAVYS does not sell or share your personal information as defined under the CCPA/CPRA. We do not sell, rent, or trade personal data, voice recordings, or biometric information to third parties for monetary or other valuable consideration.
- Right to Limit Use of Sensitive Personal Information. Voice recordings and biometric data are treated as sensitive personal information. We process them only for the purposes disclosed in this policy (voice analysis services) and do not use them for purposes beyond what is necessary to provide the service.
- Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise any of these rights, contact us at [email protected] or use the automated rights endpoints described in Section 8.5. We will respond within 45 days of receiving a verifiable request. You may also designate an authorized agent to make a request on your behalf.
Categories of Personal Information Collected (preceding 12 months): Identifiers (name, email), commercial information (payment records), internet activity (usage logs), audio data (voice recordings), and inferences drawn from the above (analysis reports). See Section 1 for complete details.
13. Children's Privacy
ORAVYS does not knowingly collect data from children under 16 years of age. We do not permit analysis of voice recordings of minors under 16. If we become aware that we have processed a minor's data, we will immediately delete it and notify the parent or guardian if contact information is available.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33).
- If the breach is likely to result in a high risk to you, we will notify you directly without undue delay (GDPR Art. 34).
- Notification will include the nature of the breach, likely consequences, and measures taken to address it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or a prominent notice on the platform at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.
15b. Business Transfers
If ORAVYS is involved in a merger, acquisition, or sale of assets, your information and any associated consent records may be transferred to the acquiring entity. Any such successor will be bound by the same retention, consent, and deletion commitments described in this policy. We will notify you in advance via the email address on file, and you will have the option to revoke your retention opt-in before the transfer is completed.
16. Contact Us
For privacy inquiries, data access requests, or concerns:
General: [email protected]
Data Protection Officer: [email protected]
Enterprise / ZDR: [email protected]
Oravys, Inc.
Delaware, USA
"ORAVYS" is a registered trademark (INPI No. 25 5212037, classes 9 & 42).